CVE-2023-26455

RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.6 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
OXCNA
5.6 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
open-xchangeopen-xchange_appsuite
𝑥
< 7.10.6
open-xchangeopen-xchange_appsuite
7.10.6
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6069
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6073
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6080
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6085
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6093
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6102
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6112
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6121
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6133
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6138
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6141
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6146
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6147
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6148
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6150
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6156
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6161
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6166
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6173
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6176
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6178
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6189
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6194
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6199
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6204
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6205
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6209
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6210
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6214
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6215
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6216
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6218
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6219
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6220
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6227
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6230
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6233
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6235
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6236
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6239
open-xchangeopen-xchange_appsuite
7.10.6:patch_release_6241
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf